[BUG] Okta Spring Starter Web doesn't properly initialize in WebFlux #761

@vibbix

I'm submitting a

  • bug report
  • feature request

Background info

When using Spring WebFlux with Okta Spring starter, the logs say that several of the Okta Post Processor beans aren't eligible for post processing. This breaks debugging workflows reliant on AOP style checks, and creates tons of log spam.

Expected behavior

No warning logs appear when starting up in Reactive server mode.

What went wrong?

When booting up these logs appear:

logs

2025-01-08T13:03:27.399-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'com.okta.spring.boot.oauth.ReactiveOktaOAuth2ResourceServerHttpServerAutoConfig' of type [com.okta.spring.boot.oauth.ReactiveOktaOAuth2ResourceServerHttpServerAutoConfig] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). The currently created BeanPostProcessor [oktaOAuth2ResourceServerBeanPostProcessor] is declared through a non-static factory method on that class; consider declaring it as static instead.
2025-01-08T13:03:27.418-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'spring.security.oauth2.client-org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties' of type [org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [oktaOAuth2ResourceServerBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.422-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'okta.oauth2-com.okta.spring.boot.oauth.config.OktaOAuth2Properties' of type [com.okta.spring.boot.oauth.config.OktaOAuth2Properties] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [oktaOAuth2ResourceServerBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.423-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'com.okta.spring.boot.oauth.ReactiveOktaOAuth2ServerHttpServerAutoConfig' of type [com.okta.spring.boot.oauth.ReactiveOktaOAuth2ServerHttpServerAutoConfig] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). The currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor] is declared through a non-static factory method on that class; consider declaring it as static instead.
2025-01-08T13:03:27.425-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'com.okta.spring.boot.oauth.ReactiveOktaOAuth2AutoConfig' of type [com.okta.spring.boot.oauth.ReactiveOktaOAuth2AutoConfig] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.426-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'com.okta.spring.boot.oauth.AuthorityProvidersConfig' of type [com.okta.spring.boot.oauth.AuthorityProvidersConfig$$SpringCGLIB$$0] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.426-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'tokenScopesAuthoritiesProvider' of type [com.okta.spring.boot.oauth.AuthorityProvidersConfig$$Lambda/0x000000080057cb18] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.427-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'groupClaimsAuthoritiesProvider' of type [com.okta.spring.boot.oauth.AuthorityProvidersConfig$$Lambda/0x000000080057cd40] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.507-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'oauth2UserService' of type [com.okta.spring.boot.oauth.ReactiveOktaOAuth2UserService] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.
2025-01-08T13:03:27.510-05:00  WARN 84534 --- [siw-jquery] [  restartedMain] trationDelegate$BeanPostProcessorChecker : Bean 'oidcUserService' of type [com.okta.spring.boot.oauth.ReactiveOktaOidcUserService] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying). Is this bean getting eagerly injected/applied to a currently created BeanPostProcessor [authManagerServerHttpSecurityBeanPostProcessor]? Check the corresponding BeanPostProcessor declaration and its dependencies/advisors. If this bean does not have to be post-processed, declare it with ROLE_INFRASTRUCTURE.

Steps to reproduce

Set any of the Okta Spring Boot example projects to use Spring WebFlux.
For siw-jquery, for example:

examples/siw-jquery/src/main/java/com/okta/spring/example/ImplicitFlowApplication.java

/*
 * Copyright 2017 Okta, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.okta.spring.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.server.SecurityWebFilterChain;

@SpringBootApplication
@EnableMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class ImplicitFlowApplication {

    public static void main(String[] args) {
        SpringApplication.run(ImplicitFlowApplication.class, args);
    }

    @Configuration
    static class SecurityConfig {

        @Bean
        @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
        SecurityFilterChain servletFilterChain(HttpSecurity http) throws Exception {
            http.authorizeHttpRequests((requests) -> requests
                    .requestMatchers("/", "/index.html", "/sign-in-widget-config")
                    .permitAll()
                    .anyRequest()
                    .authenticated()
                )
                .oauth2ResourceServer(d -> d.jwt(f -> {}))
                .cors(f -> {});

            return http.build();
        }

        @Bean
        @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
        SecurityWebFilterChain rxFilterChain(ServerHttpSecurity http) throws Exception {
            http.authorizeExchange((requests) -> requests
                    .pathMatchers("/", "/index.html", "/sign-in-widget-config")
                    .permitAll()
                    .anyExchange()
                    .authenticated()
                )
                .oauth2ResourceServer(d -> d.jwt(f -> {}))
                .cors(f -> {});

            return http.build();
        }
    }
}

examples/siw-jquery/src/main/resources/application.yml

okta:
 oauth2:
   issuer: "{yourOktaDomain}/oauth2/default"
   client-id: "{clientId}"
logging:
  level:
    ROOT: INFO
spring:
  main:
    web-application-type: reactive

examples/siw-jquery/pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
     <!--........-->
    <dependencies>
        <!--........-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-rest</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-webflux</artifactId>
        </dependency>
        <!--........-->
    </dependencies>
</project>

SDK Version

This is running straight from the repository on master branch.
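
The two WARN variants in the log above (a `BeanPostProcessor` "declared through a non-static factory method", and beans "eagerly injected" into it) can be reproduced and removed in a small configuration. The following is an added example, not code from the Okta starter or from the reporter; every class and bean name in it (`IssuerSettings`, `IssuerAware`, `IssuerPostProcessor`, `BeforeConfig`, `AfterConfig`) is hypothetical, and it assumes Spring Framework 6 on Java 17.

```java
import java.util.function.Supplier;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

// Hypothetical names throughout; register BeforeConfig or AfterConfig, not both.
class PostProcessorDeclarations {

    record IssuerSettings(String issuer) {}            // stand-in for a properties bean
    interface IssuerAware { void setIssuer(String issuer); }

    // Post-processor that reads its settings only when a bean actually needs them.
    static class IssuerPostProcessor implements BeanPostProcessor {
        private final Supplier<IssuerSettings> settings;
        IssuerPostProcessor(Supplier<IssuerSettings> settings) { this.settings = settings; }

        @Override
        public Object postProcessAfterInitialization(Object bean, String beanName) {
            if (bean instanceof IssuerAware aware) {
                aware.setIssuer(settings.get().issuer());
            }
            return bean;
        }
    }

    // BEFORE: instance factory method with an eager parameter. Spring has to create
    // BeforeConfig and IssuerSettings while post-processors are still being
    // registered, so both skip later post-processors (for example auto-proxying).
    @Configuration
    static class BeforeConfig {
        @Bean IssuerSettings issuerSettings() { return new IssuerSettings("https://issuer.example"); }

        @Bean
        BeanPostProcessor issuerPostProcessor(IssuerSettings settings) {
            return new IssuerPostProcessor(() -> settings);
        }
    }

    // AFTER: static factory method, so the configuration class is not instantiated
    // early, and ObjectProvider defers creating IssuerSettings until first use.
    @Configuration
    static class AfterConfig {
        @Bean IssuerSettings issuerSettings() { return new IssuerSettings("https://issuer.example"); }

        @Bean
        static BeanPostProcessor issuerPostProcessor(ObjectProvider<IssuerSettings> settings) {
            return new IssuerPostProcessor(() -> settings.getObject());
        }
    }
}
```

Beans named in such warnings are created before the full post-processor chain exists, so proxy-based interceptors are never applied to them; checking the startup log for `BeanPostProcessorChecker` after a change confirms whether the early instantiation is gone.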
